替换字段名称中的点 [英] Replacing a dot in an field name

问题描述

早上好

致力于升级到最新版本的ELK堆栈，并遇到字段映射问题.我的原始数据中有类似以下内容的内容:

Working on upgrading to the lastest version of the ELK stack and running into an issue with the field mapping. I have something similar to the following in my raw data:

{
  "_index" : "logstash-2016.04.21",
  "level1" : {
    "level2" : {
      "1" : "somevalue",
      "1.1" : "somevalue1"
    }
  }
}

众所周知，elasticsearch 2.X不喜欢字段名称中的点(.)，而是弄乱了点符号.因此，作为Elasticsearch的新手，我一直无法找到一种方法或搜索正确的术语，从而找到一种使用映射或分析器或我尚不了解的东西"来解决此问题的方法.我希望这里的社区可以帮助我找到解决此问题的方法，以便我可以重新索引所有当前索引以及将其映射为将来的索引.

And as we all know elasticsearch 2.X does not like dots (.) in field names, messes up the dot-notation. So as a total newbie to elasticsearch, I have not been able to find a way, or search the right terms, to find a way to fix this using mappings or analyzers or 'something i do not yet know about'. I am hoping the community here can help me find a way to fix this so I can re-index all of my current indexes as well as mapping it for future indexes.

当前在ES版本1.7上，在debian上运行

Currently on ES version 1.7, running on debian

谢谢你，迈克

推荐答案

如果您无法解决输入问题，logstash将具有

If you can't fix the input, logstash has a de_dot filter for this purpose.

这篇关于替换字段名称中的点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！